US9594916B2ActiveUtilityA1

Method and devices for providing secure data backup from a mobile communication device to an external computing device

52
Assignee: BLACKBERRY LTDPriority: Jun 15, 2007Filed: May 15, 2015Granted: Mar 14, 2017
Est. expiryJun 15, 2027(~0.9 yrs left)· nominal 20-yr term from priority
H04L 9/0894H04L 2209/80G06F 11/1458G06F 2221/2143G06F 21/86H04W 12/04G06F 11/1448G06F 2201/80H04L 9/16G06F 21/602G06F 11/1469G06F 11/1456G06F 11/1464G06F 11/1451H04W 12/35
52
PatentIndex Score
0
Cited by
50
References
20
Claims

Abstract

A method and devices for providing secure data backup from a mobile communication device to an external computing device is described. In one embodiment, there is provided a method of backing up data from a mobile communication device, the method comprising: receiving from an enterprise server an information technology (IT) policy message which includes an encryption key; storing the encryption key in a protected memory of the mobile communication device; receiving a request to backup data stored on the mobile communication device; encrypting the data using the encryption key stored in the protected memory; and transferring the encrypted data from the mobile communication device to an electronic device for storage.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A method performed by a mobile communication device of backing up data, the method comprising:
 receiving from an enterprise server a first information technology (IT) policy message which includes an encryption key for encrypting backup data; 
 receiving from the enterprise server a second IT policy message including a first IT policy rule, the first IT policy rule specifying data stored on the mobile communication device which is to be encrypted during a backup; 
 storing the encryption key in a protected portion of a hardware memory of the mobile communication device; 
 receiving a request to backup data stored on the mobile communication device; 
 encrypting data which is to be encrypted in accordance with the first IT policy rule using the encryption key stored in the protected portion of the hardware memory; and 
 transferring the encrypted data from the mobile communication device to an electronic device for storage. 
 
     
     
       2. The method of  claim 1 , wherein access to the protected portion of the hardware memory is restricted. 
     
     
       3. The method of  claim 1 , wherein access to the protected portion of the hardware memory is restricted to authorized applications. 
     
     
       4. The method of  claim 1 , wherein access to the protected portion of the hardware memory is restricted to authorized applications such that storing, updating, or deleting the encryption key is restricted to IT policy messages received from the enterprise server. 
     
     
       5. The method of  claim 1 , wherein the encryption key is a symmetric Encryption key used for encryption and decryption. 
     
     
       6. The method of  claim 1 , further comprising:
 receiving from the enterprise server a third IT policy message which includes a decryption key; and 
 storing the decryption key in the protected portion of the hardware memory. 
 
     
     
       7. The method of  claim 1 , further comprising:
 receiving from the enterprise server a third IT policy message including a second IT policy rule, the second IT policy rule restricting the data which can be backed up. 
 
     
     
       8. The method of  claim 7 , wherein the second IT policy rule in the third IT policy message restricts the data which can be backed up to personal, non-enterprise data. 
     
     
       9. The method of  claim 7 , wherein the first IT policy message, the second IT policy message and the third IT policy message are the same IT policy message. 
     
     
       10. The method of  claim 1 , further comprising:
 transferring the data stored on the mobile communication device which the first IT policy rule does not specify is not to be encrypted in unencrypted form to the electronic device for storage. 
 
     
     
       11. The method of  claim 1 , wherein the first IT policy message and the second IT policy message are the same IT policy message. 
     
     
       12. The method of  claim 1 , wherein the electronic device is a remote server. 
     
     
       13. The method of  claim 1 , wherein the electronic device is a computer to which the mobile communication device is connected. 
     
     
       14. The method of  claim 1 , wherein the data comprises a plurality of databases, and wherein the protected portion of the hardware memory includes a plurality of encryption keys, each encryption key being associated with a respective database, wherein each database is encrypted using the associated encryption key with the respective database. 
     
     
       15. A mobile communication device, comprising:
 a processor; 
 a communication interface coupled to the processor; 
 a hardware memory coupled to the processor, the hardware memory storing executable instructions that, when executed by the processor, cause the processor to:
 receive from an enterprise server an information technology (IT) policy message which includes an encryption key for encrypting backup data; 
 receive from the enterprise server an IT policy message including a first IT policy rule, the first IT policy rule specifying data stored on the mobile communication device which is to be encrypted during a backup; 
 store the encryption key in a protected portion of the hardware memory of the mobile communication device; 
 receive a request to backup data stored on the mobile communication device; 
 encrypt data which is to be encrypted in accordance with the first IT policy rule using the encryption key stored in the protected portion of the hardware memory; and 
 transfer the encrypted data from the mobile communication device to an electronic device for storage. 
 
 
     
     
       16. A non-transitory machine readable medium having tangibly stored thereon executable instructions that, when executed by a processor of a mobile communication device, cause the mobile communication device to:
 receive from an enterprise server an information technology (IT) policy message which includes an encryption key for encrypting backup data; 
 receive from the enterprise server an IT policy message including a first IT policy rule, the first IT policy rule specifying data stored on the mobile communication device which is to be encrypted during a backup; 
 store the encryption key in a protected portion of a hardware memory of the mobile communication device; 
 receive a request to backup data stored on the mobile communication device; 
 encrypt data which is to be encrypted in accordance with the first IT policy rule using the encryption key stored in the protected portion of the hardware memory; and 
 transfer the encrypted data from the mobile communication device to an electronic device for storage. 
 
     
     
       17. A method performed by a mobile communication device of restoring backup data, the method comprising:
 receiving from an enterprise server an information technology (IT) policy message which includes a decryption key for decrypting encrypted backup data; 
 receiving from the enterprise server an IT policy message including a first IT policy rule, the first IT policy rule specifying data stored on the mobile communication device which is to be encrypted during a backup; 
 storing the decryption key in a protected portion of a hardware memory of the mobile communication device; 
 receiving a request to restore backup data from another electronic device to the mobile communication device; 
 receiving backup data, including encrypted backup data, from the other electronic device; 
 decrypting the encrypted data using the decryption key stored in the protected portion of the hardware memory; and 
 storing the decrypted data in the hardware memory of the mobile communication device. 
 
     
     
       18. The method of  claim 17 , wherein the backup data also includes unencrypted data, the method further comprising:
 storing the unencrypted data in the hardware memory of the mobile communication device. 
 
     
     
       19. A mobile communication device, comprising:
 a processor; 
 a communication interface coupled to the processor; 
 a hardware memory coupled to the processor, the hardware memory storing executable instructions that, when executed by the processor, cause the processor to:
 receive from an enterprise server an information technology (IT) policy message which includes a decryption key for decrypting encrypted backup data; 
 receive from the enterprise server an IT policy message including a first IT policy rule, the first IT policy rule specifying data stored on the mobile communication device which is to be encrypted during a backup; 
 store the decryption key in a protected portion of the hardware memory of the mobile communication device; 
 receive a request to restore backup data from another electronic device to the mobile communication device; 
 receive backup data, including encrypted backup data, from the other electronic device; 
 decrypt the encrypted data using the decryption key stored in the protected portion of the hardware memory; and 
 store the decrypted data in the hardware memory of the mobile communication device. 
 
 
     
     
       20. A non-transitory machine readable medium having tangibly stored thereon executable instructions that, when executed by a processor of a mobile communication device, cause the mobile communication device to:
 receive from an enterprise server an information technology (IT) policy message which includes a decryption key for decrypting encrypted backup data; 
 receive from the enterprise server an IT policy message including a first IT policy rule, the first IT policy rule specifying data stored on the mobile communication device which is to be encrypted during a backup; 
 store the decryption key in a protected portion of a hardware memory of the mobile communication device; 
 receive a request to restore backup data from another electronic device to the mobile communication device; 
 receive backup data, including encrypted backup data, from the other electronic device; 
 decrypt the encrypted data using the decryption key stored in the protected portion of the hardware memory; and 
 store the decrypted data in the hardware memory of the mobile communication device.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.